One Year to Go: Some Progress Made, But Many Large U.S. Firms Still Not Ready for May 2018 European Data Mandates

Published on May 18, 2017

Survey: 94 Percent Possess EU Customer Data, but Only 60 Percent Have Detailed Plans in Place for GDPR Compliance

88 percent of U.S. companies say they are well-briefed on GDPR, an increase from last year’s survey and a positive sign. However, 90 percent are concerned about their ability to use customer data within new compliance rules.

Only 60 percent of U.S. respondents have plans in place to respond to the impact the GDPR will have on how they handle customer data.

85 percent admit it’s sometimes difficult to know exactly where all the data resides, a key capability needed to meet “Right to be Forgotten” mandates.

These U.S. companies must improve their data governance and test data management capabilities across all platforms, or face serious consequences for non-compliance, including heavy fines.

DETROIT, May 18, 2017 (GLOBE NEWSWIRE) — With one year to go before the May 25, 2018 EU General Data Protection Regulations (GDPR) deadline, many U.S. businesses with European customers are not fully prepared to comply with the new laws, which include “Right to be Forgotten” customer consent mandates and regulations on how customer data is handled. U.S. companies will face hefty fines or lawsuits if they don’t fully comply.

A new survey, the second in a series sponsored by Compuware Corporation, shows progress with 88 percent of U.S. large-company CIOs saying they are well-briefed on the impending laws, up from 73 percent, when asked the same question last year. However, only 60 percent have detailed plans in place to address the new laws’ requirements. This is up from 33 percent from last year’s survey, but suggests there is still significant work ahead.

94 percent of the large U.S. company CIOs surveyed say their companies have personally identifiable information (PII) on EU customers, making the new mandates applicable to them.

Particularly challenging is the mandate to obtain customer permission to use PII in application testing, a critical part of software development. 55 percent of U.S. firms have a plan in place to address this, but nearly one-third say they don’t fully understand the impact of this ruling.

The data complexity of modern systems is also an issue, as 85 percent admit it’s sometimes difficult to know exactly where all their customer data resides, an increase from last year’s survey with 78 percent then admitting that difficulty.

“U.S. organizations are heading in the right direction on GDPR compliance, but there is still work to be done to improve data governance capabilities,” said Chris O’Malley, CEO of Compuware. “Manual processes that are used to locate and protect customer data must be replaced with automated capabilities that enable businesses to quickly, accurately and visually manage data privatization and protection.”

The findings also reveal U.S. organizations are better prepared for the GDPR than their European counterparts. Compared to the 60 percent of U.S. companies saying they have detailed and far-reaching plans in place, only 19 percent of UK companies have such plans prepared, a modest improvement of only one percent since last year.

U.S. respondents ranked their biggest GDPR compliance hurdles to overcome as follows:

Design and implementation of internal processes (65 percent)

Securing customer consent to use their personal data and handling the process of data withdrawal if requested by the customer (64 percent)

Ensuring data quality (52 percent)

Cost of implementation (43 percent)

Data complexity (41 percent)

Conducted by independent research company Vanson Bourne, the survey was administered to 400 CIOs at large companies across vertical markets in both the U.S. and Europe. The above results represent U.S. respondents only.

This survey, conducted in April 2017, was a follow up to a similar survey conducted in 2016. Review the results and analysis of the 2016 GDPR research here: http://hubs.ly/H07qN5W0.

Compuware CorporationCompuware empowers the world’s largest companies to excel in the digital economy by fully leveraging their high-value mainframe investments. We do this by delivering highly innovative solutions that uniquely enable IT professionals with mainstream skills to manage mainframe applications, data, and platform operations. Learn more at compuware.com.